TraCarta/Legal/Privacy

Privacy Policy

Effective: 1 April 2028 TraCarta · Est. Gurgaon, 2018

How TraCarta collects, uses, protects and retires personal data, written to the standard of the Digital Personal Data Protection Act, 2023, and to our own: data is handled for one purpose, inside one perimeter, for no longer than the work requires.

01.

Who we are

TraCarta India Private Limited ("TraCarta", "we", "us") is a specialist professional-services firm, established in Gurgaon in 2018, engaged in the reconciliation of airline Goods and Services Tax and the recovery of Input Tax Credit for businesses in India. For the purposes of the Digital Personal Data Protection Act, 2023 ("DPDP Act"), TraCarta acts as a Data Fiduciary for data collected through this website, and ordinarily as a Data Processor for personal data contained in client engagement materials, processing it on our clients' documented instructions.

02.

The data we collect

We collect only what the work requires:

  • Website datainformation you submit through our contact and careers forms: name, work email, organisation, designation, and the contents of your message.
  • Engagement dataprovided by clients under contract: traveller names as they appear on tickets and invoices, booking references and PNRs, airline GST invoices, GSTIN and entity details, and GSTR-2A/2B extracts.
  • Technical datalimited log and cookie data described in our Cookie Policy.

We do not collect data speculatively, and we do not purchase, rent or scrape personal data from any source.

03.

Why we process it

Personal data is processed for enumerated purposes only:

  • To respond to enquiries and conduct the engagements our clients contract us for, sourcing, verifying and reconciling airline GST invoices against statutory filings;
  • To meet our own legal, tax and regulatory obligations;
  • To operate, secure and improve this website;
  • To evaluate applications submitted to our careers page.

We do not use personal data for advertising, profiling, or sale to any party, in any circumstance. Engagement data is used solely to deliver the contracted service to the client who supplied it.

04.

Legal basis

We process website data on the basis of your consent, given when you submit a form, and withdrawable at any time. We process engagement data on the basis of the contract with our client and their lawful instructions, and where applicable for compliance with legal obligations under Indian tax law. Where the DPDP Act requires notice or consent from data principals, responsibility is allocated between TraCarta and the client in the engagement agreement.

05.

Sharing & disclosure

We share personal data only in the narrow channels the work requires:

  • Airlines and portalsinvoice identifiers and booking references, to the extent necessary to source or correct GST invoices;
  • Service providersvetted infrastructure providers (hosting, email) bound by contractual confidentiality and security obligations;
  • Authoritieswhere disclosure is required by law, by order of a court, or by a competent authority.

We never disclose one client's data to another. We have no data-sharing arrangements with advertisers or data brokers.

06.

Security

Engagement data lives inside a defined perimeter: encrypted in transit and at rest, access-limited to personnel assigned to the engagement, logged, and segregated by client. Our security practices are described further on our Security & Trust page. No method of storage or transmission is perfectly secure; we design so that any single failure is contained, detected and answerable.

07.

Retention

We retain personal data no longer than the purpose requires. Website enquiries are retained for up to 24 months. Engagement data is retained for the duration of the engagement and any period required by Indian tax and audit law, after which it is securely destroyed or returned as the engagement agreement directs. Retention schedules for personally identifiable information are detailed in our PII Policy.

08.

Your rights

Subject to the DPDP Act and applicable law, you may request: access to the personal data we hold about you; correction or completion of inaccurate data; erasure where the data is no longer necessary; and grievance redressal. Where we act as processor for a client, we will refer or coordinate your request with that client as the law requires. Requests are made to the contact in Section 10 and are answered within statutory timelines.

09.

Children

Our services and website are directed at businesses and working professionals. We do not knowingly collect the personal data of children, and our engagements do not involve it.

10.

Grievance officer & contact

Questions, requests or grievances under this policy may be addressed to our Grievance Officer at legal@tracarta.in or by post to our registered office in Gurugram, Haryana. We acknowledge grievances promptly and aim to resolve them within the timelines prescribed under applicable law.

Grievance Officer: [Name]reachable at the address above.

11.

Changes to this policy

When this policy changes, the effective date above changes with it, and material changes are flagged on this page. The current version is always the one published here. Continued use of the website after a change constitutes acceptance of the revised policy.